Threat Intelligence Report

Popular node-ipc npm Package Infected with Credential Stealer

📅 May 14, 2026 📰 socket.dev 🔍 0 CVE(s) referenced

Malicious versions of the widely used node-ipc npm package were published via a compromised maintainer account, enabling highly stealthy credential and configuration theft from developer and CI environments through obfuscated code that exfiltrates sensitive data using DNS TXT queries.

vendor

🔐 Sign In to Read Full Report

You'll need to accept our Terms of Service to access the platform.

📊 Visual Mindmap

🎯 IOC Extraction

⚔️ MITRE ATT&CK TTPs

📦 STIX 2.1 Bundle